Bad Actor
What is the term for a cyber criminal or hacker?
Email from a Nigerian Prince asking for money.
What is the OG of phishing emails?
Cyber Education is a waste of time. T/F
False - Employees are the first line of defence for a company and cyber criminals are becoming more sophisticated.
Example 1
Spam that automatically gets moved to your spam folder in your inbox - you don't even see it.
Tip 1
Zero Trust - Never Trust and Always Verify
Phishing
What is the term for a fraudulent communication that appears to come from a legitimate and reputable source?
Spelling errors
Red Flag to spot a phishing email.
Clicking an email link is harmless. T/F
False - Clicking a link can distribute malware, take over the network, steal information, or hide until it's the best time to execute a cyber attack.
Example 2
Royal Bank "called" me and the professional woman with the lovely accent chuckled and said, "you're so right" when I asked her, "how do I know YOU'RE from RBC?" Then she hung up on me because she knew I was getting suspicious.
Tip 2
Hover, Look and Think before you click.
Smishing
What is the term for phishing SMS texts?
Unexpected request to buy gift cards from unexpected people.
What is another Red Flag for phishing emails?
Delete emails with attachments or links from unknown people - T/F
True - better to delete and report suspicious emails. You can follow up separately with a phone call or email to your usual contact.
Example 3
Client received an email from my account manager but there was an extra letter in the email address. A fraudulent insurance invoice was paid because they didn't call us to verify the change in bank account details.
Tip 3
Strong Passwords - use Phrases. Don't reuse them.
Social Engineering [Fraud]
What is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes?
Request with a sense of urgency or panic.
What is another way to exploit human nature and our tendency to trust?
Personal emails on work devices can't cause cyber issues - T/F
False - IT has security on work-related devices and emails; however, compromised personal devices could cross-contaminate corporate assets.
Example 4
"Quizzes" that were on social media collecting information about you - city born, street you lived on, high school, dog's name... were exercises in gathering personal information for bad actors.
Tip 4
Verify any change in banking details or mailing address in person or by phone call to your usual contact.
Zero Trust
What is the cybersecurity framework that assumes all users, devices, and requests are untrusted by default?
What is the estimated number of phishing emails sent a day?
Phishing emails are obvious and easy to spot - T/F
False - Today's world is moving too quickly and we are working off a screen not much bigger than a deck of cards. URLs, false email addresses, and false company websites are harder to spot than ever.
Example 5
Friend's daughter gave her ID and password to her 'friend' who DM'd her on Instagram - without any thought or question.